RSS
 

This topic describes the steps required to create service accounts for VMware Tanzu Kubernetes Grid Integrated Edition on Google Cloud Platform (GCP).

Note: Support for GCP is deprecated and will be entirely removed in a future TKGI version.

In order for Kubernetes to create load balancers and attach persistent disks to pods, you must create service accounts with sufficient permissions.

You need separate service accounts for Kubernetes cluster control plane and worker node VMs. VMware recommends configuring each service account with the least permissive privileges and unique credentials.

Create the Control Plane Node Service Account

  1. From the GCP Console, select IAM & admin > Service accounts.
  2. Click Create Service Account.
  3. Enter a name for the service account, and add the following roles:
    • Compute Engine
      • Compute Instance Admin (v1)
      • Compute Network Admin
      • Compute Security Admin
      • Compute Storage Admin
      • Compute Viewer
    • Service Accounts
      • Service Account User
  4. Click Create.

Create the Worker Node Service Account

  1. From the GCP Console, select IAM & admin > Service accounts.
  2. Click Create Service Account.
  3. Enter a name for the service account, and add the Compute Engine > Compute Viewer role.
  4. Click Create.

Next Installation Step

To create a load balancer in GCP, follow the instructions in Creating a GCP Load Balancer for the TKGI API.

check-circle-line exclamation-circle-line close-line
Scroll to top icon